{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T02:17:11.926","vulnerabilities":[{"cve":{"id":"CVE-2020-15271","sourceIdentifier":"security-advisories@github.com","published":"2020-10-26T18:15:14.480","lastModified":"2024-11-21T05:05:14.360","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in \"terminal\" and \"file_loader\" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme."},{"lang":"es","value":"En lookatme (paquete python/pypi) versiones anteriores a 2.3.0, el paquete cargaba automáticamente las extensiones integradas \"terminal\" y \"file_loader\". Los usuarios que usan lookatme para renderizar rebajas que no son de confianza pueden ejecutar comandos de shell maliciosos automáticamente en su sistema. Esto es corregido en la versión 2.3.0. Como solución alternativa, los archivos \"lookatme/contrib/terminal.py\" y \"lookatme/contrib/file_loader.py\" pueden ser eliminados manualmente. Además, es siempre recomendado estar al tanto de lo que se está renderizando con lookatme"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lookatme_project:lookatme:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.0","matchCriteriaId":"FD795181-94C0-4D6E-BD09-B2F5B2D6A584"}]}]}],"references":[{"url":"https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/d0c-s4vage/lookatme/pull/110","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/d0c-s4vage/lookatme/releases/tag/v2.3.0","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://pypi.org/project/lookatme/#history","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/d0c-s4vage/lookatme/pull/110","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/d0c-s4vage/lookatme/releases/tag/v2.3.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://pypi.org/project/lookatme/#history","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}}]}